Privacy Policy

Phishing is a fraudulent attempt to get you to provide personal information including, but not limited to, account information.

OpenDNS ("OpenDNS"), operates PhishTank.com ("PhishTank"), a free community website for submitting
and verifying suspected phishing websites and emails and sharing this information with the community
via a free API. It is OpenDNS's policy to respect your privacy regarding any information we may collect
while operating PhishTank.

Website Visitors

PhishTank collects non-personally-identifying information including the sort that web browsers and
servers typically make available, such as the browser type, language preference, referring site, and
the date and time of each visitor request. PhishTank's purpose in collecting non-personally identifying
information is to better understand how PhishTank's visitors use its website.

From time to time, PhishTank may release non-personally-identifying information in the aggregate,
e.g., by publishing a report on trends in the usage of PhishTank.

API Users

For those users who complete the free PhishTank registration and use the Application Programming
Interface (API) to programmatically submit information to or request information from PhishTank,
additional information is recorded, including the screen name ("User ID"), the API key, the action, the parameters,
and the IP address used to make the request. API usage is not limited, and it is free, but PhishTank
may use this data to identify overuse of PhishTank resources via the API. PhishTank may also solicit
feedback from API users via their registered email address about how the API is used, and how it
might be improved.

From time to time, PhishTank may release non-personally-identifying information in the aggregate,
e.g., by publishing a report on trends in the usage of the PhishTank API. PhishTank does not disclose
personally-identifying information about API usage other than as described below.

Submission of Suspected Phish Emails

PhishTank collects suspected phish emails ("phishes") which are submitted by registered members of
its community. Phishes may include personal information, including email addresses and names, whether
in the body or headers of emails. For this reason, PhishTank makes reasonable effort not to display
anything on the website about submitted phishes which may identify the submitter beyond the PhishTank
User ID. Similarly, PhishTank does not share personal information via its API. PhishTank goes to
reasonable lengths to protect or remove any personally-identifying information in the suspected
phishes. However, PhishTank cannot guarantee that its measures will be successful. PhishTank and
OpenDNS cannot be held responsible for any failure or inability to protect your information. Submitting
phishes does incur some risk, and you agree to accept this risk in your use of PhishTank.

Gathering of Personally-Identifying Information

Certain visitors to PhishTank choose to interact with PhishTank in ways that require PhishTank
to gather personally-identifying information. The amount and type of information that PhishTank
gathers depends on the nature of the interaction. For example, we ask customers who want to submit
or verify potential phishing websites and emails to register with a User ID and email address on
the PhishTank website. The same information is required to use the PhishTank API. Those who engage
in transactions with PhishTank are asked to provide additional information, including as necessary
the personal and financial information required to process those transactions. In each case, PhishTank
collects such information only insofar as is necessary or appropriate to fulfill the purpose of the
customer's interaction with PhishTank. PhishTank does not disclose personally-identifying information
other than as described below. And visitors can always refuse to supply personally-identifying
information, with the caveat that it may prevent them from engaging in certain activities.

Aggregated Statistics

PhishTank may collect statistics which may be comprised of aggregated personally-identifying
information about the behavior of visitors to PhishTank. For instance, PhishTank may describe which
companies are most often the target of community-verified phish, or the total number of registered
users. PhishTank may display this statistical information publicly or provide it to others. However,
PhishTank does not disclose personally-identifying information other than as described below.

Protection of Certain Personally-Identifying Information

PhishTank discloses potentially personally-identifying and personally-identifying information only
to those of its employees, contractors and affiliated organizations that (i) need to know that
information in order to process it on PhishTank's behalf or to provide services available at
PhishTank's websites and services, and (ii) that have agreed not to disclose it to others. Some of
those employees, contractors and affiliated organizations may be located outside of your home country;
by using the PhishTank website, you consent to the transfer of such information to them. PhishTank
will not rent or sell potentially personally-identifying and personally-identifying information to
anyone. Other than to its employees, contractors and affiliated organizations, as described above,
PhishTank discloses potentially personally-identifying and personally-identifying information only
when required to do so by law, court order, or when PhishTank believes in good faith that disclosure
is reasonably necessary to protect the property or rights of PhishTank, third parties or the public
at large.

Communications

If you are a registered member of PhishTank and have supplied your email address, PhishTank may
occasionally send you an email to tell you about new features, solicit your feedback, or just keep
you up to date with what's going on with PhishTank. We primarily use the PhishTank blog and website
to communicate this type of information, so we expect to keep this type of email to a minimum. If
you are a registered member of PhishTank and do not wish to receive such emails, please follow the
instructions included in each email sent. If you send us a request (for example via a support email
or via one of our feedback mechanisms), we reserve the right to publish it in order to help us
clarify or respond to your request or to help us support other users. PhishTank takes measures
reasonably necessary to protect against the unauthorized access, use, alteration or destruction of
potentially personally-identifying and personally-identifying information.

Cookies

A cookie is a string of information that a website stores on a visitor's computer, and that the
visitor's browser provides to the website each time the visitor returns. PhishTank uses cookies to
help PhishTank identify and track visitors, their usage of the PhishTank website, and their website
access preferences. PhishTank visitors who do not wish to have cookies placed on their computers
should set their browsers to refuse cookies before using PhishTank, with the drawback that certain
features of PhishTank may not function properly without the aid of cookies.

Privacy Policy Changes

PhishTank may change its Privacy Policy from time to time, and in PhishTank's sole discretion.
PhishTank encourages visitors to frequently check this page for any changes to its Privacy Policy.
Your continued use of our sites and services after any change in this Privacy Policy will constitute
your acceptance of such change.

Questions

Full contact information, including location, may be found on our Contact page.